Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
A previous commit introduced semver.coerce() on the patch version range, when doing 'snyk protect'. The problem is that coerce() returns a SemVer type, not a string. The existing code uses semver.satisfies() to check if the given patch applies to the node_module, but since satisfies() expects a string, the patch was not applied since the check never passed. This resulted in patches being skipped, but we marked them as applied. The following fix restores the previous functionality of running satisfies() on the patch range but also keeps the existing check of using coerce() while also fixing the output of coerce() to be a string (by reading the version property of the SemVer type). This way we do a check that the patch version is a SemVer range, but we also correctly cover the case where it's not a SemVer range (which was originally the intention).
- Loading branch information